home

Supported platforms

Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Matching TCP flags

The vRouter supports filtering on the TCP flags within TCP packets. For example, to create a rule to accept packets with the SYN flag set and the ACK, FIN, and RST flags unset, perform the following steps in configuration mode.

Table 1. Accepting packets with specific TCP flags set
Step Command

Set the protocol to match to TCP.

vyatta@R1# set security firewall name TCP-FLAGS rule 30 protocol tcp 

Set the TCP flags to match.

vyatta@R1# set security firewall name TCP-FLAGS rule 30 tcp flags SYN,!ACK,!FIN,!RST

Set the action to accept.

vyatta@R1# set security firewall name TCP-FLAGS rule 30 action accept

Commit the configuration.

vyatta@R1# commit

Show the configuration.

vyatta@R1#vyatta@R1# show security firewall name TCP-FLAGS

name TCP-FLAGS {
    rule 30 {
        action accept
        protocol tcp
        tcp {
            flags SYN,!ACK,!FIN,!RST
        }
    }
}
vyatta@R1#